Transaction Remote Release, a Tor-Inspired Proposed Change to Bitcoin Protocol for Anonymous Transactions
It’s well known that bitcoin transactions are not anonymous. Every transaction and the full transaction history of any bitcoin address are permanently recorded in the tamper-proof public blockchain and open to analysis. A bitcoin addresses isn’t explicitly associated to its owner, but blockchain network analysis can often de-anonymize bitcoin users.
Bitcoin Magazine recently reported that two companies, Chainalysis and Elliptic , sell sophisticated blockchain network analysis tools and services to trace bitcoin transactions back to their participants, and de-anonymize users. Such services often anger libertarian early adopters, but the direction of the evolutionary trend in the Bitcoin space is clear – governments and financial institutions are gradually warming up to blockchain technology as a means to achieve faster, cheaper and better recorded transactions, but consider privacy and anonymity as bugs that need to be fixed.
Recommended privacy practices, from simple measures such as using fresh Bitcoin addresses for new transactions to strong privacy measures such as dark wallets and mixing services, reduce the risk of being de-anonymized, but there are documented attack strategies that often permit identifying bitcoin users by IP. Using the Tor network provides additional privacy protection by masking the user’s IP, but ways to work around Tor privacy have been found.
Now two researchers from the ATR Defense Science & Technology Lab at Shenzhen University, in China, have published a white paper titled “Transaction Remote Release (TRR): A New Anonymization Technology for Bitcoin .” The researchers propose a new anonymization technology called Transaction Remote Release (TRR). Inspired by Tor, TRR is able to render several typical attack strategies ineffective. “Furthermore, the performance of encryption and decryption of TRR is good and the growth rate of the cipher is very limited,” say the researchers. “Hence, TRR is suited for practical applications.”
“In the Bitcoin protocol, the only way that the attackers can connect the Bitcoin address with an IP address is in the process of releasing and spreading a new transaction,” note the researchers. Therefore, they propose to encrypt the new transaction and obfuscate the source IP of the sender.
TRR is inspired by the idea of encryption and decryption layer by layer as used in Tor. A client encrypts a new transaction, layer by layer, using the public key from different TRR nodes. Then it establishes an independent connection to other TRR nodes, one by one, without using the spreading mechanism of the Bitcoin network.
When a TRR node receives data, it will decrypt it using its private key. Then it transmits the remaining data to the next node. When the last TRR node is reached, it will release the transaction to the Bitcoin network. Every node knows its previous node and next node. Only the client and the last node know the content of the transaction but the last node does not know the IP address of the client.
The researchers analyze several possible de-anonymization attack strategies, including Bitcoin protocol sniffers, the Sybil attack, Sybil attack plus entry nodes, fake Bitcoin nodes and fake TRR nodes attack, and conclude that TRR can help clients gain strong anonymity.
"In addition, the experiments show that the performance of the TRR multi-layered encryption and decryption algorithm is satisfactory in practice and the growth rate of cipher text is very limited,” note the researchers in the conclusion.
The researchers acknowledge that the current TRR proposal is vulnerable to DoS attacks based on fake TRR requests, and state that further research to eliminate this weakness is ongoing.
But another weakness is that implementing TRR would require changes to the Bitcoin protocol. That is a serious weakness, because it seems evident that, in the privacy-as-bug climate that is developing around Bitcoin, there is just no way modifications to Bitcoin Core explicitly aimed at anonymity could ever be accepted.
Therefore, it might make more sense to consider implementing TRR in a privacy-enhanced sidechain. The modifications to Bitcoin Core required for implementing sidechains are justified by general considerations much more acceptable from a mainstream perspective. Sidechain Elements , the first experimental code base for sidechains released by Blockstream, includes confidential transactions, and a sidechain implementation of TRR could be a workable way to sneak privacy in.
The popular website Daily Dot covered the TRR white paper and noted that TRR first emerged in 2014 during the development of DarkNetCoin, a niche cryptocurrency focused on anonymity. Unfortunately the conclusion of the Daily Dot article, “Bitcoin did not respond to a request for comment about TRR,” reveals that the mainstream press still has basic things to learn about Bitcoin.